From 2c91979dd477b73b75f2f772ae2d3fb5d960eb92 Mon Sep 17 00:00:00 2001
From: kooomix
Date: Thu, 15 Aug 2024 14:20:19 +0300
Subject: [PATCH 1/4] feat: Update description of "Initial Access" in workload-unauthenticated-service.json

Signed-off-by: kooomix
---
 attack-tracks/workload-unauthenticated-service.json | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/attack-tracks/workload-unauthenticated-service.json b/attack-tracks/workload-unauthenticated-service.json
index 42fddd22..62ec29d4 100644
--- a/attack-tracks/workload-unauthenticated-service.json
+++ b/attack-tracks/workload-unauthenticated-service.json
@@ -8,18 +8,11 @@
         "version": "1.0",
         "data": {
             "name": "Initial Access",
-            "description": "An attacker can access the Kubernetes environment.",
+            "description": "The service is exposed outside the Kubernetes network.",
             "subSteps": [
                 {
-                    "name": "Execution (Vulnerable Image)",
-                    "description": "An attacker can execute malicious code by exploiting vulnerable images.",
-                    "checksVulnerabilities": true,
-                    "subSteps": [
-                        {
-                            "name": "Data Collection",
-                            "description": "An attacker can gather data."
-                        }
-                    ]
+                    "name": "Data Collection",
+                    "description": "Database access is missing authentication and it can be accessed by anyone"
                 }
             ]
         }
From 24102452a7fa4cda1eb00d5f6b5087d1b8575328 Mon Sep 17 00:00:00 2001
From: kooomix
Date: Thu, 15 Aug 2024 15:15:46 +0300
Subject: [PATCH 2/4] feat: Update supported Kubernetes versions in outdated-k8s-version rule

This commit updates the supported Kubernetes versions in the `outdated-k8s-version` rule. The versions `v1.31`, `v1.30`, and `v1.29` are now considered supported.

Signed-off-by: kooomix
---
 rules/outdated-k8s-version/raw.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/outdated-k8s-version/raw.rego b/rules/outdated-k8s-version/raw.rego
index f592d87c..810931a3 100644
--- a/rules/outdated-k8s-version/raw.rego
+++ b/rules/outdated-k8s-version/raw.rego
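Review bot: The new sub-step description `"Database access is missing authentication and it can be accessed by anyone"` states a condition rather than the attacker action every other step in this track is phrased as (the removed lines and the parent step both read "An attacker can …"), and it names a database although the control that references this track (C-0274, "unauthenticated service", see PATCH 4/4 below) is not visibly limited to databases. I would keep the actor voice and stay generic: `"description": "An attacker can reach the service without authentication and read or modify the data it serves."`. The parent "Initial Access" text could likewise say what the finding means to an attacker, e.g. `"description": "The service is reachable from outside the cluster network, so no prior foothold is needed."`. With the vulnerable-image sub-step gone the track no longer contains any `checksVulnerabilities` step; that looks intended, but if it changes when the track is surfaced relative to image-scan results it deserves a sentence in the commit message.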
@@ -18,7 +18,7 @@ deny[msga] {
 
 has_outdated_version(version) {
 	# the `supported_k8s_versions` is validated in the validations script against "https://api.github.com/repos/kubernetes/kubernetes/releases"
-	supported_k8s_versions := ["v1.30", "v1.29", "v1.28"]
+	supported_k8s_versions := ["v1.31", "v1.30", "v1.29"]
 	every v in supported_k8s_versions{
 		not startswith(version, v)
 	}
From f1a7df78b6a6698aa5b620928a7efe47bef9098a Mon Sep 17 00:00:00 2001
From: kooomix
Date: Thu, 15 Aug 2024 15:48:51 +0300
Subject: [PATCH 3/4] Update kubelet and kube-proxy versions to v1.31.6 in node.json

Signed-off-by: kooomix
---
 rules/outdated-k8s-version/test/pass/input/node.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/outdated-k8s-version/test/pass/input/node.json b/rules/outdated-k8s-version/test/pass/input/node.json
index ee12e614..30e409c7 100644
--- a/rules/outdated-k8s-version/test/pass/input/node.json
+++ b/rules/outdated-k8s-version/test/pass/input/node.json
@@ -200,8 +200,8 @@
         "bootID": "85cb3c8a-7d8e-4885-9a9c-e8a340332f21",
         "containerRuntimeVersion": "docker://20.10.7",
         "kernelVersion": "5.11.0-43-generic",
-        "kubeProxyVersion": "v1.28.6",
-        "kubeletVersion": "v1.28.6",
+        "kubeProxyVersion": "v1.31.6",
+        "kubeletVersion": "v1.31.6",
         "machineID": "b77ec962e3734760b1e756ffc5e83152",
         "operatingSystem": "linux",
         "osImage": "Ubuntu 20.04.2 LTS",
From 5d572aec98d00d406bbd0e0fff5e41c5d245cc66 Mon Sep 17 00:00:00 2001
From: kooomix
Date: Sun, 18 Aug 2024 11:15:30 +0300
Subject: [PATCH 4/4] Update "Data Collection" step name to "Execution" in workload-unauthenticated-service.json

Signed-off-by: kooomix
---
 attack-tracks/workload-unauthenticated-service.json | 2 +-
 controls/C-0274-unauthenticatedservice.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/attack-tracks/workload-unauthenticated-service.json b/attack-tracks/workload-unauthenticated-service.json
index 62ec29d4..d3eb6b96 100644
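Review bot: Dropping `"v1.28"` from `supported_k8s_versions` makes every v1.28 node fail this control from this commit on, while, as far as the upstream patch-release calendar goes, v1.28 is still receiving patch releases until late October 2024; if the control deliberately means "not one of the three most recent minors" rather than "out of patch support", the comment above the list should say so, e.g. `# the three most recent minor releases; an older minor is flagged even while it still receives patches`. Because the test is `startswith(version, v)`, every entry must stay a full `vX.Y` minor (a shorter prefix such as `"v1.3"` would silently accept v1.30 through v1.39), which the validation script mentioned in the comment should enforce and the comment could state. Nothing in this series adds a fail-side fixture on v1.28 to show the rotation actually flags the retired minor; the fixture change in PATCH 3/4 only covers the pass side. The visible closing brace ends the `every` block; `has_outdated_version`'s own closing brace lies past the hunk.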
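Review bot: Moving the pass fixture to the newest minor (`v1.31.6`) gives the least informative value for this rule, because it would still pass after the next rotation of `supported_k8s_versions` and so never catches an off-by-one when the list is bumped. I would set it to the oldest minor still in the list, `"kubeletVersion": "v1.29.6"` (and the same for `kubeProxyVersion`), so that retiring v1.29 forces a deliberate fixture update alongside a fail-side fixture for the minor being dropped. Which of the two fields the rule actually reads is not visible in this series, so keeping them in sync is harmless, but the commit message's "kubelet and kube-proxy" may overstate what is being tested.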
--- a/attack-tracks/workload-unauthenticated-service.json
+++ b/attack-tracks/workload-unauthenticated-service.json
@@ -11,7 +11,7 @@
             "description": "The service is exposed outside the Kubernetes network.",
             "subSteps": [
                 {
-                    "name": "Data Collection",
+                    "name": "Execution",
                     "description": "Database access is missing authentication and it can be accessed by anyone"
                 }
             ]
diff --git a/controls/C-0274-unauthenticatedservice.json b/controls/C-0274-unauthenticatedservice.json
index d199fb92..0b208afe 100644
--- a/controls/C-0274-unauthenticatedservice.json
+++ b/controls/C-0274-unauthenticatedservice.json
@@ -13,7 +13,7 @@
         {
             "attackTrack": "workload-unauthenticated-service",
             "categories": [
-                "Data Collection"
+                "Execution"
             ]
         }
     ]
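Review bot: The step is now named `"Execution"` but its description still reads `"Database access is missing authentication and it can be accessed by anyone"`, which describes unauthenticated data access rather than code execution, so the name and the text no longer say the same thing. If the intent is the tactic an unauthenticated datastore typically enables, the description should say so, e.g. `"description": "An attacker can reach the service without authentication and issue commands or write data to it."`; if not, the `"Execution"` category written into C-0274 in this same commit is the value consumers of the control will presumably display, and "Data Collection" may have been the more accurate tactic. Either way the attack track and the control must keep using the identical string, which this commit does.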